Skip to main content
Internet Archive's 25th Anniversary Logo

Shmoocon

Shmoo Group

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.



rss RSS

473
RESULTS


Show sorted alphabetically

Show sorted alphabetically

SHOW DETAILS
up-solid down-solid
eye
Title
Date Archived
Creator
Shmoocon 2016
Shmoocon 2016
collection
39
ITEMS
88,586
VIEWS
collection

eye 88,586

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
Shmoocon 2015
Shmoocon 2015
collection
48
ITEMS
25,206
VIEWS
by Shmoocon
collection

eye 25,206

DIFFERENT - ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It and Bring It On. AFFORDABLE - ShmooCon is about high quality without the high price. Keep in mind that space is...
Shmoocon 2008
Shmoocon 2008
collection
42
ITEMS
2,244
VIEWS
by Various
collection

eye 2,244

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2014
movies

eye 11,495

favorite 4

comment 0

Controlling USB Flash Drive Controllers: Expose of Hidden Features Richard Harman With stories of "BadBIOS" infecting PCs simply by connecting a malicious USB flash drive to a PC, it's time we learned about flash drives and their controllers. Consumer USB flash drives are cheap, growing in capacity and shrinking in physical size. There are only around 15 prominent controller chip manufacturers whom you have never heard of, but OEM for all the popular and respected "name...
Shmoocon 2008
movies

eye 709

favorite 0

comment 0

I Piss on Your AV shmoocon presentation 2008
Shmoocon 2009
Shmoocon 2009
collection
40
ITEMS
3,181
VIEWS
by Various
collection

eye 3,181

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2012
Shmoocon 2012
collection
41
ITEMS
3,479
VIEWS
by Shmoo Group
collection

eye 3,479

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
Shmoocon 2016
movies

eye 5,504

favorite 2

comment 0

Every IR presents unique challenges. But–when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day–the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the...
Shmoocon 2014
Shmoocon 2014
collection
42
ITEMS
28,687
VIEWS
by Shmoocon
collection

eye 28,687

Shmoocon 2014: Held in Washington D.C. from January 17-19, 2014, at the Washington Hilton. This collection contains all recorded main area talks at the event. DIFFERENT - ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next...
Topics: Shmoocon, Hacker Con, Security, Presentations
Shmoocon 2013
Shmoocon 2013
collection
38
ITEMS
2,087
VIEWS
collection

eye 2,087

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2007
Shmoocon 2007
collection
36
ITEMS
2,493
VIEWS
collection

eye 2,493

ShmooCon is an American hacker convention organized by The Shmoo Group. There are typically 40 different talks and presentations on a variety of subjects related to computer security and cyberculture. Multiple events are held at the convention related to cryptography and computer security such as Shmooganography, Hack Fortress, a locksport village hosted by TOOOL DC, and Ghost in the Shellcode.
Shmoocon 2006
Shmoocon 2006
collection
35
ITEMS
2,540
VIEWS
collection

eye 2,540

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2010
Shmoocon 2010
collection
36
ITEMS
1,869
VIEWS
collection

eye 1,869

ShmooCon is an American hacker convention organized by The Shmoo Group. There are typically 40 different talks and presentations on a variety of subjects related to computer security and cyberculture. Multiple events are held at the convention related to cryptography and computer security such as Shmooganography, Hack Fortress, a locksport village hosted by TOOOL DC, and Ghost in the Shellcode.
Shmoocon 2016
by Joseph Hall and Ben Ramsey
movies

eye 441

favorite 0

comment 0

Smart energy and building automation are powerful technologies with significant promise. Unfortunately, the global rush to connect as many devices to the network as possible leads to unintended vulnerabilities. The ability to physically damage hardware by abusing network access is particularly interesting. This talk has two goals: 1) introduce an open source tool for pen-testing proprietary Z-Wave wireless automation networks and 2) discuss a rapid process for destroying florescent lights....
Shmoocon 2016
by Andrew Kalat
movies

eye 23,569

favorite 6

comment 0

Most hackers have a massive digital footprint: social media, servers at co-location sites, servers at home, overly-complicated IT infrastructure, and various other IT gear connected in crazy ways. What happens when one of us suddenly dies? How do our loved ones pick up the pieces, figure out all of our random IT crap that we’ve setup, and move forward? This talk explores the challenges, opportunities, and lessons learned as I aided in figure out the IT gear after the passing of a dear friend...
Shmoocon 2014
by Scott Moulton
movies

eye 329

favorite 0

comment 0

You Don't Have the Evidence Scott Moulton Forensic imaging tools have one purpose, to soundly copy every sector on a device to a destination device and report success or failure without changing data. In the last 20 years most forensic imaging tools have not progress and continue to use the same basic code for imaging a drive. When encountering damage many of the tools have no ability to deal with the damage and quit, crash, or worse; do more damage to the drive they are trying to recover from....
Shmoocon 2006
movies

eye 157

favorite 0

comment 0

Windows Vista HEAP
Shmoocon 2011
Shmoocon 2011
collection
41
ITEMS
4,402
VIEWS
collection

eye 4,402

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
Shmoocon 2011
by Peiter "Mudge" Zatko
movies

eye 54

favorite 0

comment 0

DARPA, the Defense Advance Research Project Agency, directs billions of dollars towards research. One of these research areas is Cyber. In 2010 DARPA hired "Mudge", the hacker who led the early hackerspace L0pht @stake, to create, direct, and manage cyber research efforts for the Department of Defense. This talk presents the new approaches that the agency is embracing and types of research efforts and how they diverge from traditional cyber efforts. Much of the existing and historic...
Shmoocon 2015
movies

eye 352

favorite 1

comment 0

Where The Wild Things Are [SC2015]
Shmoocon 2015
movies

eye 8,665

favorite 0

comment 0

Knock Knock [SC2015]
Shmoocon 2016
by Sean Cassidy
movies

eye 1,382

favorite 1

comment 0

LastPass holds all of your secrets. Its login prompts and alerts occur within the browser window, which attackers can control. When the victim visits the target site–which can look completely inconspicuous, such as a news website–after a delay a LastPass notification will appear if the user has LastPass installed prompting the user to log in because their session has expired. The log in screen, which always appears within the browser window, is customized for each browser and operating...
Shmoocon 2006
movies

eye 56

favorite 0

comment 0

Black Ops Of TCIP 2005
Shmoocon 2012
movies

eye 362

favorite 0

comment 0

Credit Card Fraud
Shmoocon 2014
by Joshua Schroeder and Spencer Brooks
movies

eye 329

favorite 0

comment 0

CCTV: Setup, Attack Vectors, and Laws Joshua Schroeder and Spencer Brooks Ever wonder how to setup a CCTV Digital Video Recording security system? This talk will show how to do that, as well as key factors like attack vectors and recording laws. First, we will go over basic setup on how we planned out this project and current price points for entry. This will include things to be mindful of such as camera quality, disk space and other features. In the second part, we will cover attack vectors...
Shmoocon 2014
by Bruce Schneier
movies

eye 626

favorite 1

comment 0

The NSA: Capabilities and Countermeasures Bruce Schneier Edward Snowden has given us an unprecedented window into the NSA's surveillance activities. Drawing from both the Snowden documents and revelations from previous whistleblowers, I will describe the sorts of surveillance the NSA does and how it does it. The emphasis is on the technical capabilities of the NSA, not the politics of their actions. This includes how it conducts Internet surveillance on the backbone, but is primarily focused on...
Shmoocon 2009
movies

eye 59

favorite 0

comment 0

The Day Spam Stopped
Shmoocon 2012
movies

eye 105

favorite 0

comment 0

Malware As Art
Shmoocon 2008
movies

eye 48

favorite 0

comment 0

Backtrack Demo
Shmoocon 2016
movies

eye 2,236

favorite 0

comment 0

This presentation will explore how you can survey the wireless world of the radio spectrum to get an idea of the signals around you, and decode transmissions that can be received by pointing an antenna towards satellites in space. Both are accomplished using Software Defined Radio and open source software, and emphasis is placed on the security (or lack thereof) in these communications systems. Using a drone, you can create your very own airborne RF surveying platform, so that you can fly your...
Shmoocon
movies

eye 33

favorite 0

comment 0

U2F Zero
Shmoocon 2006
movies

eye 62

favorite 0

comment 0

Hacking The Friendly Skies
Shmoocon 2006
movies

eye 69

favorite 0

comment 0

VoIP WiFi Phone Security Analysis
Shmoocon 2014
by Bruce and Heidi Potter
movies

eye 308

favorite 0

comment 0

ShmooCon 2014 - Opening Remarks Rumblings and Rants
Shmoocon 2010
movies

eye 42

favorite 0

comment 0

Tales From The Crypto
Shmoocon 2012
movies

eye 37

favorite 0

comment 0

Shmoocon 2012 Keynote
Shmoocon 2016
movies

eye 1,211

favorite 0

comment 0

In the system hardening space, we’ve been using chroot jails to contain compromised programs. These jails were better than nothing, but were easily escaped by many attackers. As Linux containers become more mature, we can use them to replace these jails. This talk will teach you how to use Linux Containers, through both Docker and Ubuntu’s new LXD, to create far better jails for programs, containing their compromise. You will leave this demo-heavy talk immediately able to use both...
Shmoocon 2008
movies

eye 41

favorite 0

comment 0

Bypassing Antivirus on Windows Vista muts
Shmoocon 2016
by Carl Vincent
movies

eye 1,570

favorite 0

comment 0

This talk focuses on showcasing examples of the GO programming language being utilized to rapidly prototype, and ultimately maintain software designed to perform common or useful post-exploitation tasks. Source code for each feature will be provided, and is intended to exaggerate the limited amount of code and code familiarity required to construct relatively complex payloads capable of performing offensive security tasks fully either in an automated, or fully antonymous context. Carl is a...
Shmoocon 2014
by Jake Williams and Alissa Torres
movies

eye 406

favorite 0

comment 0

ADD -- Complicating Memory Forensics Through Memory Disarray Jake Williams and Alissa Torres In this presentation, we'll present ADD (attention deficit disorder), a tool that litters Windows physical memory with (configurable amounts and types of) garbage to disrupt memory forensics. Memory forensics has become so mainstream that it's catching too many malware authors during routine investigations (making Jake a sad panda). If memory forensics were much harder to perform, then attackers would...
Shmoocon 2007
by Sean Coyne, Ivan Krstic, Jason Scott, Scott Roberts
movies

eye 48

favorite 0

comment 0

The Children's Machine, also known as the XO-1 and previously as the $100 Laptop, is a low-cost, power-efficient and durable machine developed by faculty members of the MIT Media Lab at the One Laptop per Child non-profit organization (OLPC). The laptop's purpose is to redefine learning for children in developing countries, particularly those living in the most remote areas and in the poorest of countries, by providing them with access to knowledge and modern forms of education. The laptops...
Shmoocon 2013
movies

eye 63

favorite 0

comment 0

Shmoocon 2013 C10M Defending The Internet At Scale
Shmoocon 2012
movies

eye 294

favorite 0

comment 0

TTL Penetration
Shmoocon 2016
movies

eye 1,487

favorite 0

comment 0

We’ve taken a novel approach to automating the determination of a phisher’s geographic location. With the help of Markov chains, we craft honeypot responses to phishers’ emails in an attempt to beat them at their own game. We’ll examine the underlying concepts, implementation of the system, and reveal some of the results from our ongoing experiment. Robbie Gallagher is a security engineer with Atlassian in Austin, Texas. He received his bachelor’s degree in applied computing...
Shmoocon 2011
movies

eye 113

favorite 0

comment 0

Reverse engineering is a complicated process that has a lot of room for improvement. This talk will showcase some improvements to our visualization framework, VERA. New features that decrease the overall time to reverse a program will be shown. New items are a debugger based interface which allows for faster analysis without the need for a hypervisor, integrated trace processing tools, IDA Pro integration, and an API to interface with the display. During the talk I will reverse engineer malware...
Shmoocon 2011
movies

eye 481

favorite 0

comment 0

Advances in binary analysis and forensics over the past two years have been astonishing. A new era has begun which consists of semi-automated, closed-source analysis on every conceivable software target. There is one relatively untouched area that deserves to be cracked like a nut, namely software loaded on hardware targets such as microcontrollers, complex programmable logic devices (CLPD), field programmable gate arrays (FPGA) and more capable microprocessor cores. We will survey a number of...
Shmoocon 2012
movies

eye 82

favorite 0

comment 0

Attacking Proximity Card Access Systems
Shmoocon 2015
movies

eye 136

favorite 0

comment 0

Crypto [SC2015]
Shmoocon
movies

eye 12

favorite 0

comment 0

Friday Night Firetalks
Shmoocon 2011
by G W Ray Davidson III, PhD
movies

eye 83

favorite 0

comment 0

One of the required classes in the Information Technology department at Purdue University Calumet is a senior design class, wherein students use the knowledge obtained in previous classes to design a network to serve a useful purpose. The author has worked on the ShmooCon Labs team for the past 3 years, and (perhaps due to cabin fever induced by the Shmoopocalypse of 2010) used that experience as the inspiration for the design project in Spring of 2010. Students were given the assignment to...
Shmoocon 2008
movies

eye 41

favorite 0

comment 0

Forensic Image Analysis to Recover Passwords d Smith
Shmoocon 2014
movies

eye 378

favorite 0

comment 0

Introducing DARPA's Cyber Grand Challenge Mike Walker Could a purpose-built supercomputer play DEFCON capture the flag? Mike Walker joined DARPA as a Program Manager in January 2013. His research interests relate to machine reasoning about software in situ and the automation of application security lifecycles. Mr. Walker has extensive industry experience. Prior to joining DARPA he worked as a security software developer, enterprise security architect, and research lab leader.
Shmoocon 2014
by Aaron Beuhring and Kyle Salous
movies

eye 446

favorite 0

comment 0

Raising Costs for Your Attackers Instead of Your CFO Aaron Beuhring and Kyle Salous Everyone knows that blacklisting is not effective and that whitelisting is a better solution, so why isn't anyone doing it? Organizations continue to spend money on the latest technologies in hopes that if they spend enough they will somehow become secure. Chances are that that these same organizations already own technology that can provide far more powerful defense than new blinking boxes but just haven't...
Shmoocon 2009
movies

eye 53

favorite 0

comment 0

Automated Computer Mapping Of Large Binary Objects
Shmoocon 2013 Strategies of a World Class Security Incident Response Team
Shmoocon 2009
movies

eye 71

favorite 0

comment 0

Re playing With (blind) SQL Injection
Shmoocon 2009
movies

eye 29

favorite 0

comment 0

Off the Shelf Security
Shmoocon 2013
movies

eye 34

favorite 0

comment 0

Shmoocon 2013 The Cloud Storms on the Horizon
Shmoocon 2006
movies

eye 80

favorite 0

comment 0

Cybersecurity & Accountability
Shmoocon 2006
movies

eye 41

favorite 0

comment 0

Network Policy Enforcement
Shmoocon 2006
movies

eye 47

favorite 0

comment 0

Trojans Botnets And Malware Oh My!
Shmoocon 2016
movies

eye 796

favorite 2

comment 0

Are you a Bond villain, whistle-blower, clandestine operative, secret courier, paranoid schizophrenic or generally sketchy character who wants the ability to make your data go up in a puff of smoke at the drop of a hat when the bad guys close in? This talk will focus on implementing practical, low cost, and not entirely unsafe mobile data destruction solutions for your hopefully imaginary needs. Going beyond Shane Lawson, Bruce Potter, and Deviant Ollam’s 3U rackmount requirements from DEFCON...
Shmoocon 2012
movies

eye 55

favorite 0

comment 0

Training Security Nerds
Shmoocon 2012
movies

eye 49

favorite 0

comment 0

Doing INFOSEC Right Pt 2
Shmoocon 2012
movies

eye 81

favorite 0

comment 0

DARPA's Cyber Fast Track
Shmoocon 2012
movies

eye 67

favorite 0

comment 0

Emergency Data Destruction
Shmoocon 2014
by Various
movies

eye 187

favorite 0

comment 0

ShmooCon FireTalks are 15 minute presentations meant to be an alternative to the traditional 30 to 90 minute conference format. Similar to 5 minute Lightning Talks, the purpose is to challenge speakers to skip the BS and instead dive right into the core of their content in a more relaxed alternative environment. Unlike Lightning Talks, which are usually performed in rapid succession, the additional time allows the speaker to follow a more traditional introduction, body, and conclusion format....
Shmoocon 2014
by Christopher Truncer, Will Schroeder, and Michael Wright
movies

eye 181

favorite 0

comment 0

AV Evasion With the Veil Framework Christopher Truncer, Will Schroeder, and Michael Wright As antivirus (finally) has started to slowly increase in effectiveness, more and more of the payloads used during penetration tests are being caught. While the industry as a whole has demonstrated its capabilities of bypassing AV solutions in nearly all situations, valuable assessment time is often lost. The Veil-Evasion Framework (Veil) was developed to solve this problem by offering a modular,...
Shmoocon 2007
movies

eye 129

favorite 0

comment 0

Welcome
Shmoocon 2014
movies

eye 359

favorite 0

comment 0

The "Science of Cyber" and the Next Generation of Security Tools Paulo Shakarian Governments around the world are investing heavily in the so called "science of cyber" in order to create a rigorous scientific base for the next generation of security tools. But what's going on in the walled-off world of academia? Will this new science eventually lead to more improved security in cyber space? In this talk, I will describe three ongoing projects at West Point in collaboration...
Shmoocon 2014
movies

eye 258

favorite 0

comment 0

Operationalizing Threat Information Sharing: Beyond Policies and Platitudes Sean Barnum and Aharon Chernin Threat intelligence sharing is a hot topic of conversation today that already affects or soon will affect most of us in the infosec community. Like most hot topics this tends to generate a lot of cliched buzzworditis and well-meant but unrealistic policy. Cue the shmooballs! But what does it take to move beyond just talking about cyber threat intelligence sharing and making it an...
Shmoocon 2009
movies

eye 503

favorite 0

comment 0

The Gentlemen's Agreement
Shmoocon 2010
movies

eye 34

favorite 0

comment 0

Better Approaches To Physical Tamper Detection
Shmoocon 2012
movies

eye 95

favorite 0

comment 0

37mm Aerial Surveillance
Shmoocon 2006
movies

eye 34

favorite 0

comment 0

Anonym.OS